Surely someone must know a bit about XSS vulnerabilities! :)
I think to make the assumption that, because no one feels confident enough to answer the question of whether or not cleanArray or the CakePHP framework in general protects against XSS attacks, no one understands the vulnerabilities is fairly shallow.
I think given the variety and varying
Sorry if it sounds like I made that assumption -- I guess my question
was a little too broad and the title a bit sensational.
To focus my question a little further, I pointed out that in the
Sanitize-html function, a simple find and replace was done on certain
characters. My (very basic)
On Aug 1, 2006, at 2:17 PM, Eric Farraro wrote:
To focus my question a little further, I pointed out that in the
Sanitize-html function, a simple find and replace was done on certain
characters. My (very basic) understanding of XSS attacks is that they
will often evade filters by using
I can't seem to find the specific example I was looking for, but I did
find this when looking back in my database for one of the tests I did:
¼script¾alert#40;¢Another Test¢#41;¼/script¾
It didn't seem to cause a problem, though I don't know if that's
because of some PHP or Apache setting; my
Just to say a bit more, I found this in the article for UTF-8 on
Wikipedia:
A badly-written (and not compliant with current versions of the
standard) UTF-8 parser could accept a number of different pseudo-UTF-8
representations and convert them to the same Unicode output. This
provides a way for
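Since the thread is about whether a byte-level find-and-replace survives encoding tricks, here is an added example in PHP. It is not CakePHP's Sanitize code and makes no claim about how Sanitize::html is actually implemented: naiveFilter() and lenientDecode() are stand-ins written for this illustration, and the script assumes PHP 7 or later with the mbstring extension. It walks the overlong-UTF-8 case from the Wikipedia quote end to end: a payload whose '<' and '>' are written as the two-byte form C0 BC / C0 BE passes a filter that only knows the literal ASCII bytes, a non-compliant decoder then turns it back into a real script tag, and a strict encoding check plus output-time escaping catches it.

```php
<?php
// Added illustration (not CakePHP's Sanitize code): a byte-level
// find-and-replace filter, a lenient UTF-8 decoder that accepts
// overlong sequences, and the strict alternative. Assumes PHP 7+
// with mbstring. The payload is constructed for this demo.

// Stand-in for a "simple find and replace on certain characters".
// It only knows the literal ASCII bytes listed here.
function naiveFilter(string $s): string
{
    return str_replace(
        ['<', '>', '"', "'"],
        ['&#60;', '&#62;', '&#34;', '&#39;'],
        $s
    );
}

// Re-encode a code point as well-formed UTF-8 (up to U+FFFF).
function encodeCodepoint(int $cp): string
{
    if ($cp < 0x80) {
        return chr($cp);
    }
    if ($cp < 0x800) {
        return chr(0xC0 | ($cp >> 6)) . chr(0x80 | ($cp & 0x3F));
    }
    return chr(0xE0 | ($cp >> 12))
         . chr(0x80 | (($cp >> 6) & 0x3F))
         . chr(0x80 | ($cp & 0x3F));
}

// A deliberately LENIENT decoder of the kind the Wikipedia passage
// warns about: it never checks that a 2- or 3-byte sequence encodes a
// code point large enough to need that many bytes, so the overlong
// form C0 BC is decoded to U+003C, a real '<'.
function lenientDecode(string $s): string
{
    $out = '';
    $len = strlen($s);
    for ($i = 0; $i < $len; $i++) {
        $b = ord($s[$i]);
        if ($b < 0x80) {                                   // 1-byte form
            $out .= chr($b);
        } elseif (($b & 0xE0) === 0xC0 && $i + 1 < $len) { // 2-byte lead
            $cp = (($b & 0x1F) << 6) | (ord($s[$i + 1]) & 0x3F);
            $i += 1;
            $out .= encodeCodepoint($cp);                  // missing: $cp >= 0x80 check
        } elseif (($b & 0xF0) === 0xE0 && $i + 2 < $len) { // 3-byte lead
            $cp = (($b & 0x0F) << 12)
                | ((ord($s[$i + 1]) & 0x3F) << 6)
                | (ord($s[$i + 2]) & 0x3F);
            $i += 2;
            $out .= encodeCodepoint($cp);                  // missing: $cp >= 0x800 check
        } else {
            $out .= "\u{FFFD}";                            // anything else: replacement char
        }
    }
    return $out;
}

// Strict check: mbstring rejects overlong forms (C0 and C1 are never
// valid lead bytes in UTF-8), so this returns false for the payload.
function isStrictUtf8(string $s): bool
{
    return mb_check_encoding($s, 'UTF-8');
}

// Hardened path: validate the bytes first, then escape at output time
// with the charset named explicitly. ENT_SUBSTITUTE makes
// htmlspecialchars() emit U+FFFD for any remaining bad sequence
// instead of returning an empty string, which is its default.
function hardenedEscape(string $s): string
{
    if (!isStrictUtf8($s)) {
        $s = mb_convert_encoding($s, 'UTF-8', 'UTF-8'); // replaces ill-formed bytes
    }
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed payload: "<script>alert(1)</script>" with every '<' and
// '>' written as the overlong 2-byte form (C0 BC = '<', C0 BE = '>').
$payload = "\xC0\xBCscript\xC0\xBEalert(1)\xC0\xBC/script\xC0\xBE";

$filtered = naiveFilter($payload);    // unchanged: no literal '<' or '>' byte to replace
$decoded  = lenientDecode($filtered); // now contains a real "<script>" tag

echo "naive filter changed input: " . var_export($filtered !== $payload, true) . "\n";
echo "after lenient decode:       " . $decoded . "\n";
echo "strict UTF-8 check passes:  " . var_export(isStrictUtf8($payload), true) . "\n";
echo "hardened output:            " . hardenedEscape($payload) . "\n";
```

In a real application the lenient decoding step is not something you write yourself; it is whatever the database client, the browser, or an older library does with the bytes after your filter has looked at them. The two things the example is meant to show are ordering (check that the input is well-formed UTF-8 before any filter that reasons about individual bytes) and context (escape for the place the data is printed, with the charset stated, rather than relying on a replacement table applied once at storage time).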
I've been reading about all types of security vulnerabilities common in
online applications, and realized that my application had some rather
large XSS holes. I found that using the Sanitize function 'cleanArray'
did a nice job in removing all? of the vulnerabilities, but I am
curious whether it